From: SeokYeon Hwang Date: Wed, 25 Jun 2014 06:14:36 +0000 (+0900) Subject: pci: add device realization check before the capability is unlinked X-Git-Tag: Tizen_Studio_1.3_Release_p2.3.1~228^2^2~108^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=cfc381fffc19a4b0fe68e3ba10b261e13005c65d;p=sdk%2Femulator%2Fqemu.git pci: add device realization check before the capability is unlinked "pdev" and its member may be unrealized and be freed, so accessing a member of "pdev" is able to cause heap memory corruption. Check the change of "device_unparent()" in the commit 5c21ce77d7e5643089ceec556c0408445d017f32. Change-Id: Iacb195a092c86d4c677ad0404582af104b2251ae Signed-off-by: SeokYeon Hwang --- diff --git a/hw/pci/pci.c b/hw/pci/pci.c index 2a9f08eb0a..cdc8ee23d9 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -2056,7 +2056,11 @@ int pci_add_capability(PCIDevice *pdev, uint8_t cap_id, /* Unlink capability from the pci config space. */ void pci_del_capability(PCIDevice *pdev, uint8_t cap_id, uint8_t size) { - uint8_t prev, offset = pci_find_capability_list(pdev, cap_id, &prev); + uint8_t prev, offset; + if (!(pdev->qdev.realized)) { + return; + } + offset = pci_find_capability_list(pdev, cap_id, &prev); if (!offset) return; pdev->config[prev] = pdev->config[offset + PCI_CAP_LIST_NEXT];
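Review bot: The new `if (!(pdev->qdev.realized)) return;` in pci_del_capability() only covers the case where the PCIDevice object is still allocated but its config-space arrays have been freed by unrealize; it does not cover the case the commit message describes, where "pdev" itself "may be unrealized and be freed", because reading `pdev->qdev.realized` is then already a use-after-free. Either narrow the commit message to the config-array case, or fix the caller ordering so that no capability is deleted after unrealize, and consider adding a comment above the check ("config space is freed on unrealize, nothing to unlink") so the silent early return is not mistaken for a bug. Two smaller points: the extra parentheses in `!(pdev->qdev.realized)` are redundant, and QEMU style wants a blank line between the `uint8_t prev, offset;` declaration and the following `if`; the pre-existing brace-less `if (!offset) return;` could be given braces in the same touch since the function is being edited anyway.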